Infrastructure/ansible
1
0
Fork 0
Code Issues Pull requests 6 Projects Releases Packages Wiki Activity Actions

base / crypto-policy: always run, even in check mode

Browse source 
We need to always run these even in check mode, because they register
things used in the last one of them. So, this could change this in check
mode if we modify it. Be careful!

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2021-02-10 15:13:19 -08:00
parent b8bdf78196
commit acbf9e21f7
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
roles/base/tasks/crypto-policies.yml
View file

@ -3,6 +3,7 @@
register: currentcryptopolicy
failed_when: "1 != 1"
changed_when: "1 != 1"
check_mode: no
tags:
- crypto-policies
- base/crypto-policies
@ -12,6 +13,7 @@
register: cryptopolicyapplied
failed_when: "1 != 1"
changed_when: "1 != 1"
check_mode: no
tags:
- crypto-policies
- base/crypto-policies
@ -19,6 +21,7 @@
- name: Set crypto-policy on fedora 33 and higher hosts to allow 2fa to work
command: "update-crypto-policies --set DEFAULT:FEDORA32"
when: "ansible_distribution_major_version|int >= 33 and (currentcryptopolicy.stdout.find('DEFAULT:FEDORA32') == -1 or cryptopolicyapplied.rc != 0)"
check_mode: no
tags:
- crypto-policies
- base/crypto-policies